An organization's board would like to establish a formal risk management function and has asked the chief audit executive (CAE) to be involved in the process.
According to IIA guidance, which of the following roles should the CAE not undertake?
An organization's board would like to establish a formal risk management function and has asked the chief audit executive (CAE) to be involved in the process.
According to IIA guidance, which of the following roles should the CAE not undertake?
The chief audit executive (CAE) should not accept management's responsibility for risk management without board approval. Doing so would compromise the CAE's independence and objectivity, which are critical for effectively auditing and providing assurance on risk management processes. According to IIA guidance, maintaining independence and objectivity is essential for the internal audit function to perform its responsibilities effectively.
if source is scarty and board can tell that we ar monitoring your activity for risk managment, this is a understandable reason for this case
Does the CAE allowed to manage and coordinate risk management???
How the CAE would accept management responsibilities anyways? this is against objectivity even if board approve it. Anyone can explain?